The ExtraHop Wire Data analysis appliance analyses the entire Layer 2 to 7 communications and provides through the so correlated data essential information on the performance of popular applications, availability and security. Recognizable attacks generally require immediate action that can be implemented in real time by the macmon Network Access Control solution. The direct coupling of the two systems and the associated automated response to attacks and anomalies will be explained in this paper.

macmon with ExtraHop

Following a technical evaluation programme, the technology alliance will allow channel partners and end-customers to seamlessly deploy integrated ExtraHop and macmon solutions to deliver enhanced features such as automatically quarantining endpoints through macmon NAC solutions based on anomaly behaviour detection by ExtraHop.

ExtraHop offers real-time wire data analytics and visualisations of it. By integrating with macmon, endpoints can be isolated from the network instantaneously, when – for example – an unusual activity takes place, like a large number login attempts in a short time period at a server or database, which is detected by ExtraHop.